Microsoft Office Users Should Be Aware of the Dridex Virus

Nov 17, 2015

Until now, you may never have heard of Dridex, a new strain of malware. That might be about to change: this year alone its operators have managed to steal over £20,000 from UK bank accounts. Microsoft Office users should be alert, prepared and know how to stay safe from Dridex.

Dridex was designed to eavesdrop on a victim’s computer use and harvest personal information, such as usernames, passwords and secret answers. The ultimate aim? Breaking into bank accounts and stealing cash.

Dridex first made headlines in November 2014, when Britain’s National Crime Agency led an intense international crackdown on the virus’s authors. Since then, arrests have been made to prevent the criminals from acting further, including that of Andrey Ghinkul, a 30-year-old living in Cyprus. Ghinkul is alleged to have run the network that allowed the creators of Dridex to communicate securely.

Like much malware, Dridex is mainly spread through infected emails. Victims receive an email containing an infected Microsoft Office file, and the people behind the virus work to persuade recipients to open the attachment. However, unlike the viruses known as ‘worms’, Dridex doesn’t spread by itself: its operators must specifically send the email to each victim. In September 2015, Fujitsu revealed that the authors of Dridex were working from a database of 385 million email addresses, meaning that the targeting was widespread rather than personally specific.

The file attached to these emails infects a computer by triggering a ‘macro’ (a small program embedded in the document) when it is opened. This macro downloads the main part of the virus, the ‘trojan’, which installs and runs on the victim’s computer. Unlike many other computer viruses, Dridex doesn’t exploit a vulnerability in the computer; it relies on legitimate functionality to download, install and run its programs. This does mean that users must open the infected attachment before it can bring them any harm.

New versions of Microsoft Office block macros by default, meaning that users would have to actively bypass the security warning to become infected. It is also worth noting that Dridex only infects Windows computers; the program cannot install on Mac OS X, Chrome OS or mobile devices.

Dridex allows its developers to take money by monitoring the infected computer and stealing logins, passwords and other banking details. The main targets for this scam are not usually individuals but small and medium-sized organisations. Fujitsu says that it is difficult to name a company that hasn’t been targeted by the virus, and that finance departments were the most common targets.

Thankfully, their email security systems detected the malware before any employees opened the infected attachments.

The majority of people are now safe from Dridex, especially since US authorities seized the botnet that controlled the Dridex network. However, as with other malware, it does no harm to be extra cautious. Ensure that all of your computers have up-to-date antivirus software and that macros are disabled by default in Microsoft Office (or, at the very least, that Office asks for your permission before running them).
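To verify the macro setting recommended above across the Office applications installed for the current user, here is an added PowerShell example (it is not from the original article). It assumes the Office 2010/2013/2016 registry layout and reads the Trust Center’s VBAWarnings value, which is what the “Disable all macros …” options set.

```powershell
# Added example, not from the original article. Audits the Trust Center macro
# setting (VBAWarnings) for the current user across Word, Excel and PowerPoint.
# Assumes Office 2010 (14.0), 2013 (15.0) or 2016 (16.0); edit $Versions for others.
$Versions = @('14.0', '15.0', '16.0')
$Apps     = @('Word', 'Excel', 'PowerPoint')

# Meaning of the VBAWarnings DWORD as shown in the Trust Center.
$Meaning = @{
    1 = 'Enable all macros (unsafe: a Dridex-style macro runs with no prompt)'
    2 = 'Disable all macros with notification (Office default: user is prompted)'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-MacroSetting {
    param([string]$Version, [string]$App)
    $appKey    = "HKCU:\Software\Microsoft\Office\$Version\$App"
    $policyKey = "HKCU:\Software\Policies\Microsoft\Office\$Version\$App\Security"
    $userKey   = "$appKey\Security"

    # Skip versions/applications that are not present for this user.
    if (-not (Test-Path $appKey)) { return $null }

    # A Group Policy value (Policies hive) overrides the user's own Trust Center choice.
    foreach ($key in @($policyKey, $userKey)) {
        $value = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
        if ($null -ne $value) {
            $source = if ($key -eq $policyKey) { 'Policy' } else { 'User' }
            return [pscustomobject]@{ Version = $Version; App = $App; Source = $source
                                      VBAWarnings = [int]$value; Meaning = $Meaning[[int]$value] }
        }
    }
    # No value at all means the application is still on its built-in default (prompt).
    return [pscustomobject]@{ Version = $Version; App = $App; Source = 'Default'
                              VBAWarnings = 2; Meaning = $Meaning[2] }
}

$results = foreach ($v in $Versions) { foreach ($a in $Apps) { Get-MacroSetting -Version $v -App $a } }
$results | Format-Table -AutoSize

# Flag any application where macros would run without any prompt at all.
$unsafe = $results | Where-Object { $_.VBAWarnings -eq 1 }
if ($unsafe) {
    $list = ($unsafe | ForEach-Object { "$($_.App) $($_.Version)" }) -join ', '
    Write-Warning "Macros are enabled without prompting for: $list"
}
```

Run this in a normal (non-elevated) PowerShell session as the user whose Office settings you want to check; a setting of 2 or higher matches the article’s advice, and fixing a value of 1 is best done through Group Policy rather than by editing the user key by hand.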

Ultimately, you and your employees should be completely aware of the potential dangers of opening attachments from unknown email sources, and should always seek a second opinion if you have any reservations.